89782bda42fb86f2d6b81dc17ff0c382e8901a1faca7e141561af57eb2215f8c

Analysis

max time kernel
150s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
06/06/2023, 01:37

Target

4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe
Size

687KB
MD5

a5a287e329d02dd5d3d7a33927f8c010
SHA1

de1c0df3338ae4a8e2bb2bb1555921dae6f1469c
SHA256

4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82
SHA512

d7b55e27032f5253f6f440bc27b7ca805ac9e34fa07b3675b0e11061816928ff0ed628ffe63c7b4126f0a22471dd4ea4b48970fb05bb45f52d0531fef7edc49b
SSDEEP

12288:mE/nsY/Q69IYI9aysA2GD6WBZz/nGwayjP02KW5IneVS5BM7lPUj7PQixb7V:951bIR/2GpDz/n0yaWunR5BM7lgPQid

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1324 set thread context of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28

Suspicious behavior: EnumeratesProcesses 31 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1312	Caspol.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28
PID 1324 wrote to memory of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28
PID 1324 wrote to memory of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28
PID 1324 wrote to memory of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28
PID 1324 wrote to memory of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28
PID 1324 wrote to memory of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28
PID 1324 wrote to memory of 1312	1324	4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82.exe	28

memory/1312-56-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1312-57-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1312-59-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1312-58-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1312-60-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1312-61-0x0000000000DD0000-0x00000000010D3000-memory.dmp

Filesize
3.0MB

Download
memory/1324-54-0x0000000000050000-0x00000000000FC000-memory.dmp

Filesize
688KB

Download
memory/1324-55-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download